You are here
Home > Preporuke > Ranjivost programskog paketa mutt

Ranjivost programskog paketa mutt

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2440-1
December 11, 2014

mutt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

The mutt mail client could be made to crash if it opened a specially
crafted email.

Software Description:
– mutt: text-based mailreader supporting MIME, GPG, PGP and threading

Details:

Jakub Wilk discovered that the write_one_header function in mutt
did not properly handle newline characters at the beginning of a
header. An attacker could specially craft an email to cause mutt to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
mutt 1.5.23-1.1ubuntu0.2
mutt-patched 1.5.23-1.1ubuntu0.2

Ubuntu 14.04 LTS:
mutt 1.5.21-6.4ubuntu2.1
mutt-patched 1.5.21-6.4ubuntu2.1

Ubuntu 12.04 LTS:
mutt 1.5.21-5ubuntu2.2
mutt-patched 1.5.21-5ubuntu2.2

Ubuntu 10.04 LTS:
mutt 1.5.20-7ubuntu1.3
mutt-patched 1.5.20-7ubuntu1.3

After a standard system update you need to restart any running
instances of mutt to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2440-1
CVE-2014-9116

Package Information:
https://launchpad.net/ubuntu/+source/mutt/1.5.23-1.1ubuntu0.2
https://launchpad.net/ubuntu/+source/mutt/1.5.21-6.4ubuntu2.1
https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.2
https://launchpad.net/ubuntu/+source/mutt/1.5.20-7ubuntu1.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUigRSAAoJEC8Jno0AXoH0xtQP/jxsKtiUCvcvoF7ytOH/bgiN
wAcCj5cvTvwHZMAIWir/ja7PQ8Cz9tV+iwPrcYBo4tf3S8NbUoiR+tlRYOdNHe4i
COkPjjmE62lMgvusckO/4vQJQ3UNULLUWldJ+rZT8WVzUZHcXKKqYY+jMwHUuYlv
bfseyPpABeJhHeKbLUrBPnI3EnIhLMVUPFnACazxKLeBV69IfIXeaT5dAwblQUdL
76qmA1kBvOEVxgJywc6SpDBlVOHldA/OZjtr5cxI996InK/nBVZKU0XS+HQWk88t
5bHNowT3vQALTS23700fwJYZmQk7ZWrFHPl16SCH77QzApoB09oDAs306/yQ69uL
t4XcOgLLpQmvznaYGfjPTAhe4HglT2OWZxmbcys9ctt8Ig5Lp6i6oC04th9out9d
eNrFGcbvPcdJNPnMGKGg2GZwgD2JTtuqD80iZAaVnr9Rlb5WhM2axeHn2/vsVqgp
Y6csODrR2AGubNqSyko5UICAlvNmlQf0FGZnNyps2BlG2EnO/n9+SGRvR09a3G3n
aDjIPDQ43E4aA9eRxyJUPiPvAwtw4iLZVdscVqKq2RMydK/zzkg54gL/EX/GnIC0
sNLK/BdUjpCt86cuUBIyETNoyh+3uFFGkHfUnrQTeKbDy7omSL0r0bRbo1lJw2bU
5WKkAuwhGswyUMe3rPA2
=I23G
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-12-0041-ADV
CveCVE-2014-9116
ID izvornikaUSN-2440-1
Proizvodmutt
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Sigurnosni nedostaci AMD64 x86 emulacijskih biblioteka

Otkriveni su sigurnosni nedostaci AMD64 x86 emulacijskih biblioteka za operacijski sustav Gentoo. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close